Virtusa
Lead Security Automation Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Virtusa
Virtusa Corporation is a global information technology services company based in Southborough, Massachusetts, founded in 1996. The company specializes in digital business transformation, digital engineering, and IT outsourcing services, catering to clients in various sectors including financial services, healthcare, telecommunications, media, entertainment, travel, manufacturing, and technology. Virtusa offers a wide array of services such as digital transformation, artificial intelligence, cloud computing, robotics, data analytics, IT strategy, UX design, and technology consulting. Its "Engineering First" approach combines industry expertise with agile teams to deliver scalable solutions that help clients innovate and modernize their IT infrastructure. The company supports Global 2000 clients in reimagining business models and enhancing operational efficiencies through digital labor. With a presence in over 25 countries and a workforce of more than 21,000 employees, Virtusa has grown through strategic acquisitions and emphasizes a culture of innovation and community responsibility. The company partners with leading technology providers to drive client transformation and consistently achieves high client satisfaction ratings.
Security at Virtusa
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Virtusa publicly states an Information Security Management System (ISMS) and an Information Security Forum (ISF) that serves as the apex body for overseeing the implementation of the ISMS. They describe a 'defense-in-depth strategy' and alignment to standards including ISO 27001, NIST, and HITRUST.
- Mandatory training on secure software development is essential for their technical team, and external penetration testing is performed by a qualified service provider once every fiscal year.
Security Team
Virtusa's AppSec team is involved in tasks such as working with application teams to complete threat models, developing and delivering security patterns, and gaining experience with Application Security design and DevSecOps. They require familiarity with frameworks like NIST 800-53, CSF, OWASP ASVS, and threat modeling frameworks including CAPEC, ATT&CK, and STRIDE. Multiple AppSec job postings indicate active hiring. While detailed AppSec organizational structure, reporting lines, and a public roster of AppSec leaders are not publicly available, Vikram Dhanda is identified as the CISO at Virtusa.
Key Initiatives
Virtusa's initiatives include 'shift-left security' practices, incorporating automation, 'policy as a code using Terraform', and Azure DevOps in secure cloud modernization. They mandate training on secure software development for their technical team and conduct external penetration testing annually. Operational responsibilities include threat modeling, developing security patterns, and applying Application Security design and DevSecOps. They also employ 'Shift Left methods' for an 'accelerated test life cycle'. Information regarding a Security Champions program is not publicly available.